1、指定禁用某个ID号的规则(例:拦截ID为942100)
SecRuleRemoveById 942100
2、禁用多个规则ID
SecRuleRemoveById 942100 942101 ......
3、禁用ID在941000-942000区间(包含前后ID)的所有规则
SecRuleRemoveById 941000-942000
4、禁用ID为942100、942100,以及ID在941000-942000区间(包含前后ID)的所有规则
SecRuleRemoveById 942100 942101 "941000-942000"
5、对192.168.1.100,192.168.1.50,10.10.50.0/24(网段)做白名单处理(id为自定义,不重复即可)
SecRule REMOTE_ADDR "@ipMatch 192.168.1.100,192.168.1.50,10.10.50.0/24" "id:162"
6、禁用Tag属性含有"attack-injection-php"的所有规则
SecRuleRemoveByTag "attack-injection-php"
7、当请求的发起IP地址是192.168.1.100时将ruleEngine设置为Off,即将192.168.1.100设置为白名单(id为自定义,不重复即可)
SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" "id:1000,phase:1,pass,nolog,ctl:ruleEngine=Off"
8、当被访问的URL为/index.php开头时,允许通过,不予拦截(id为自定义,不重复即可)
SecRule REQUEST_URI "@beginsWith /index.php" "id:1001,phase:1,pass,nolog,ctl:ruleRemoveById=942100"
9、当被访问的URL为/admin开头时,允许通过,不予拦截
SecRule REQUEST_FILENAME "@beginsWith /admin" "id:1003,phase:2,pass,nolog,ctl:ruleRemoveById=941000-942999"
注:REQUEST_FILENAME与REQUEST_URI虽然都表示对访问的URL进行匹配,但略有不同,REQUEST_FILENAME代表不包含GET请求参数的URL地址,如完整的URL为"/admin/index.php?username=admin&password=123456",REQUEST_URI代表"/admin/index.php?username=admin&password=123456",REQUEST_FILENAME仅代表"/admin/index.php"
|